While at the VB conference in Barcelona last month, I also had the chance to attend a presentation on Snowshoe Spamming, presented by Brett Cove of Sophos.
What is snowshoe spamming? Well, it’s a different type of problem than the traditional spam problem. Whereas botnet spam has declined over the past 12 months, snowshoe spam has increased.
Snowshoe spam gets its name because the spammers distribute its email over a wider area of IP addresses in order to avoid detection (not to mention IP blacklisting). It does this in order to maintain a light footprint. Just like real life snowshoes distribute your weight over a wide area to avoid sinking into the snow, snowshoe spam distributes its weight over a wide area to avoid filters.
Snowshoe spammers use dedicated IP addresses that are purchased by the spammer, and more often than not, the IPs are hosted in the United States. The spammers make their money from affiliate programs and are not necessarily black hat spammers. I use the term gray hat spammer, and those hats frequently have varying shades of gray.
The problem is that the 2003 CAN SPAM Act is an opt-out law; it is easy to spam and still remain compliant. Whereas other countries explicitly require email marketers to obtain the users’ consent to receive the mails, the CAN SPAM Act only requires you to provide the user a way of opting out. Thus, you can honor every opt out but still sign people up to receive more mail without technically violating the US law.
Snowshoe spam differs from criminal spam (sent by black hat spammers and botnets) in some key ways:
Snowshoe spam also differs from solicited bulk mail, which is legitimate bulk mail (I’d bet that everyone reading this email receives some solicited bulk mail; I certainly do). But while solicited bulk mail is legitimate, snowshoe spam contains very shady tactics:
Why is snowshoe spam a problem?
What can be done to combat snowshoe spam? Are we forever doomed to live with dark gray mailers who stay under the radar?
That’s all I took in for this presentation. It wasn’t completely new to me, but I did learn a lot.
Did you spell SnowShoe that way in the title on purpose? Great article, many thanks for explaining the concept.